Metasploit mailing list archives
Re: using nessus/nmap along with metasploit
From: egypt () metasploit com
Date: Mon, 16 Aug 2010 12:31:08 -0600
The <> are there to indicate something that you need to provide. You don't need them when running the command. If your filename is hts.xml and is in the current directory, your command should be "db_import_nmap_xml hts.xml".

Also, nmap never reports vulnerabilities, only services (since it is a port scanner, not a vulnerability scanner), so "db_autopwn -x -t" will never show you any exploits after only an nmap scan.

egypt

On Mon, Aug 16, 2010 at 11:51 AM, Robert Portvliet <robert.portvliet () gmail com> wrote:
Was the XML file you used generated by nmap using the -oX switch? You can use 'db_autopwn -x -t' to show you exploits matched to services. The easiest way to do all of this is just run db_nmap -A (like you did); this will run nmap with service & OS scanning as well as any NSE scripts nmap finds relevant to a given service based on its service scan. It will then import these findings into the Metasploit database, where you can then (as mentioned above) match exploits to potentially vulnerable services using 'db_autopwn -x -t'.

On Mon, Aug 16, 2010 at 1:26 PM, Binoy Dalal <lttazz99 () gmail com> wrote:

As you can see, Metasploit was unable to read the nmap file hts.xml. What could be the reason? I did manage to get nmap working along with Metasploit. You can see the report below.

    msf > db_connect
    [-] Note that sqlite is not supported due to numerous issues.
    [-] It may work, but don't count on it
    [*] Successfully connected to the database
    [*] File: /home/BINOY/.msf3/sqlite3.db
    msf > db_add_host 64.32.24.200
    [*] Adding 1 hosts...
    [*] Time: 2010-08-16 17:14:46 UTC Host: host=64.32.24.200
    msf > db_import_nmap_xml <hts.xml>
    [*] Could not read the NMAP file
    Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2010-08-16 22:46 India Standard
    msf > db_nmap -A -Pn 64.32.24.200
    Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2010-08-16 22:47 India Standard Time
    Nmap scan report for rdns.hackthissite.org (64.32.24.200)
    WARNING: RST from 64.32.24.200 port 22 -- is this port really open?
    WARNING: RST from 64.32.24.200 port 22 -- is this port really open?
    WARNING: RST from 64.32.24.200 port 22 -- is this port really open?
    WARNING: RST from 64.32.24.200 port 22 -- is this port really open?
    WARNING: RST from 64.32.24.200 port 22 -- is this port really open?
    WARNING: RST from 64.32.24.200 port 22 -- is this port really open?
    Host is up (0.0083s latency).
    Not shown: 997 closed ports
    PORT   STATE SERVICE VERSION
    22/tcp open  ssh?
    53/tcp open  domain?
    80/tcp open  http?
    Device type: firewall
    Running: ZyXEL ZyNOS 3.X
    OS details: ZyXEL ZyWALL 2 or Prestige 660HW-61 ADSL router (ZyNOS 3.62)
    Network Distance: 1 hop

    TRACEROUTE (using port 1720/tcp)
    HOP RTT     ADDRESS
    1   0.00 ms rdns.hackthissite.org (64.32.24.200)

    OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 40.42 seconds
    msf > dn_services
    [-] Unknown command: dn_services.
    msf > db_services

    Services
    ========

    created_at               info  name  port  proto  state  updated_at               Host          Workspace
    ----------               ----  ----  ----  -----  -----  ----------               ----          ---------
    2010-08-16 17:18:24 UTC              22    tcp    open   2010-08-16 17:18:24 UTC  64.32.24.200  default
    2010-08-16 17:18:24 UTC              53    tcp    open   2010-08-16 17:18:24 UTC  64.32.24.200  default
    2010-08-16 17:18:24 UTC              80    tcp    open   2010-08-16 17:18:24 UTC  64.32.24.200  default

I then did this... did I do it right?

    msf > db_vulns
    msf > db_autopwn
    [*] Usage: db_autopwn [options]
        -h          Display this help text
        -t          Show all matching exploit modules
        -x          Select modules based on vulnerability references
        -p          Select modules based on open ports
        -e          Launch exploits against all matched targets
        -r          Use a reverse connect shell
        -b          Use a bind shell on a random port (default)
        -q          Disable exploit module output
        -R  [rank]  Only run modules with a minimal rank
        -I  [range] Only exploit hosts inside this range
        -X  [range] Always exclude hosts inside this range
        -PI [range] Only exploit hosts with these ports open
        -PX [range] Always exclude hosts with these ports open
        -m  [regex] Only run modules whose name matches the regex
        -T  [secs]  Maximum runtime for any exploit in seconds
    msf > db_autopwn -e

It did not return a reverse shell, probably because the victim isn't vulnerable, but did I use it right or is there more to it?

Thanks

On Mon, Aug 16, 2010 at 9:46 PM, Robert Portvliet <robert.portvliet () gmail com> wrote:

Did you use the -oX switch (saves as xml) to save your nmap output? Actually, can I see your full syntax for both cases?

On Mon, Aug 16, 2010 at 7:24 AM, Binoy Dalal <lttazz99 () gmail com> wrote:

I tried using the db_import_nmap_xml <name.xml> to import scans, but every time I tried it said: could not read the nmap file. Am I doing something wrong, or is there some problem with my nmap? Also, I added hosts to the database using the db_add_host command and then tried db_nmap -A, but every time it said that the host is not up and didn't scan it. I then tried the same thing using nmap and I got a proper scan report. I can't figure out where I am going wrong. Please help.

Thanks

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
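The thread turns on two things: what an `nmap -oX` report actually contains when it is imported into the database, and why reference-based exploit matching (`db_autopwn -x`) has nothing to work with after a plain nmap scan. The following is an added example, not code from the thread, from Metasploit or from nmap. It parses a constructed nmap XML report (the 192.0.2.10 address, the products, versions and script output are made up for the example) into the host/port/service rows an importer would store, pulls out NSE script output, looks for CVE references in that output, and includes a pre-import path check that reports the literal-angle-bracket mistake (`db_import_nmap_xml <hts.xml>`) discussed above. The function names are the example's own, not Metasploit commands. It goes slightly beyond the thread in that a report whose NSE script output does mention CVE ids would have those picked up; a plain `-sV`/`-A` report yields none.

```python
"""Added example (not Metasploit or nmap code): turn an `nmap -oX` report into the
host/service rows an importer would store, collect NSE script output, and check for
vulnerability references that reference-based exploit matching could use."""
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -sV -oX scan.xml 192.0.2.10` output
# (192.0.2.10 is a documentation address; products, versions and titles are made up).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="5.3p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.2.15" method="probed" conf="10"/>
        <script id="http-title" output="Example Site"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
        <service name="https" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")


def parse_nmap_xml(xml_text):
    """One row per scanned port. Service banners in the report are text supplied by
    the scanned host; ElementTree does not resolve external entities, so parsing them
    is safe, but treat the strings as untrusted when you display or store them."""
    root = ET.fromstring(xml_text)
    if root.tag != "nmaprun":
        raise ValueError("not an nmap XML report: root element is <%s>" % root.tag)
    rows = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:  # explicit None check: an Element with no children is falsy
            addr = host.find("address")
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            svc_attr = svc.attrib if svc is not None else {}
            rows.append({
                "host": addr.get("addr"),
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": state.get("state") if state is not None else "unknown",
                "name": svc_attr.get("name", ""),
                "product": svc_attr.get("product", ""),
                "version": svc_attr.get("version", ""),
                "scripts": [(s.get("id"), s.get("output", "")) for s in port.findall("script")],
            })
    return rows


def open_services(rows):
    """Only open ports become service records; closed/filtered ones are noise."""
    return [r for r in rows if r["state"] == "open"]


def vulnerability_references(rows):
    """CVE ids mentioned in NSE script output. A plain -sV/-A scan carries none,
    which is why matching exploits by vulnerability reference finds nothing."""
    return [(r["host"], r["port"], sid, cve)
            for r in rows for sid, out in r["scripts"] for cve in CVE_RE.findall(out)]


def check_import_path(path):
    """Reasons an import would fail before parsing, such as typing the <file.xml>
    placeholder from the docs literally (the shell-free msfconsole prompt keeps the
    brackets as part of the filename)."""
    problems = []
    if path.startswith("<") and path.endswith(">"):
        problems.append("angle brackets are a placeholder, not part of the filename")
    if not os.path.isfile(path):
        problems.append("no such file: " + path)
    return problems


if __name__ == "__main__":
    rows = parse_nmap_xml(SAMPLE_NMAP_XML)
    for r in open_services(rows):
        print("%-12s %5d/%s %-6s %s %s" % (r["host"], r["port"], r["proto"],
                                           r["name"], r["product"], r["version"]))
    print("vulnerability references:", vulnerability_references(rows))
    print("problems with '<hts.xml>':", check_import_path("<hts.xml>"))
```

Run against a real `-oX` file, the service rows are what `db_services` shows after an import; the empty reference list is the concrete reason `db_autopwn -x -t` prints nothing after an nmap-only scan, while `-p` (match on open ports) still has the port and service name to work with.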
Current thread:
- using nessus/nmap along with metasploit Binoy Dalal (Aug 15)
- Re: using nessus/nmap along with metasploit Robert Portvliet (Aug 15)
- Re: using nessus/nmap along with metasploit egypt (Aug 15)
- <Possible follow-ups>
- Re: using nessus/nmap along with metasploit Binoy Dalal (Aug 16)
- Re: using nessus/nmap along with metasploit Robert Portvliet (Aug 16)
- Message not available
- Re: using nessus/nmap along with metasploit Robert Portvliet (Aug 16)
- Re: using nessus/nmap along with metasploit egypt (Aug 16)
- Re: using nessus/nmap along with metasploit Robert Portvliet (Aug 16)